diff options
author | Nick Kralevich <nnk@google.com> | 2015-01-14 14:12:14 -0800 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2015-01-14 22:18:24 +0000 |
commit | 99940d1af5719f1622fa2a17f8daf6cb21de3ad1 (patch) | |
tree | 2a9c86455c64d0e8452cb3379ddb4f43aca4ee12 /netd.te | |
parent | 4a89cdfa89448c8660308a31bfcb517fffaa239e (diff) | |
download | android_external_sepolicy-99940d1af5719f1622fa2a17f8daf6cb21de3ad1.tar.gz android_external_sepolicy-99940d1af5719f1622fa2a17f8daf6cb21de3ad1.tar.bz2 android_external_sepolicy-99940d1af5719f1622fa2a17f8daf6cb21de3ad1.zip |
remove /proc/net read access from domain.te
SELinux domains wanting read access to /proc/net need to
explicitly declare it.
TODO: fixup the ListeningPortsTest cts test so that it's not
broken.
Bug: 9496886
Change-Id: Ia9f1214348ac4051542daa661d35950eb271b2e4
Diffstat (limited to 'netd.te')
-rw-r--r-- | netd.te | 3 |
1 files changed, 2 insertions, 1 deletions
@@ -23,7 +23,8 @@ allow netd system_file:file x_file_perms; allow netd devpts:chr_file rw_file_perms; # For /proc/sys/net/ipv[46]/route/flush. -allow netd proc_net:file write; +allow netd proc_net:file rw_file_perms; +allow netd proc_net:dir r_dir_perms; # For /sys/modules/bcmdhd/parameters/firmware_path # XXX Split into its own type. |